FDIC phishing...

[I_W]

Here we go again!

I received this today in TWO different e-mail accounts. I wonder how many people will get sucked in to this.

From: "FDIC" <Dyan_Bela@mail.com> [ Save address ]
To: <xxxxx@xxxxxx.xxx>
Subject: Important News About Your Bank Account
Date: Sat, 24 Jan 2004 07:23:59 -0400 (EST)
To whom it may concern;
In cooperation with the Department Of Homeland Security, Federal, State and Local Governments your account has been denied insurance from the Federal Deposit Insurance Corporation due to suspected violations of the Patriot Act. While we have only a limited amount of evidence gathered on your account at this time it is enough to suspect that currency violations may have occurred in your account and due to this activity we have ithdrawn Federal Deposit Insurance on your account until we verify that your account has not been used in a violation of the Patriot Act.

As a result Department Of Homeland Security Director Tom Ridge has advised the Federal Deposit Insurance Corporation to spend all deposit insurance on your account until such time as we can verify your identity and your account information.

Please verify through our IDVerify below. This information will be checked against a federal government database for identity verification. This only takes up to a minute and when we have verified your identity you will be notified of said verification and all suspensions of insurance on your account will be lifted.

http://www.fdic.gov/idverify/cgi-bin/index.htm

Failure to use IDVerify below will cause all insurance for your account to be terminated and all records of your account history will be sent to the Federal Bureau of Investigation in Washington D.C. for analysis and verification. Failure to provide proper identity may also result in a visit from Local, State or Federal Government or Homeland Security Officials.

Thank you for your time and consideration in this matter.

Donald E. Powell
Chairman Emeritus FDIC

John D. Hawke, Jr.
Comptroller of the Currency

Michael E. Bartell
Chief Information Officer

===========================================

A "properties" on the reply link in this yields:
http://www.fdic.gov
@202.63.206.88/index.htm

The IP is for:

OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

-----------------
Received: from ameritech.net (adsl-65-43-36-119.dsl.lgtpmi.ameritech.net[65.43.36.119](misconfigured sender))
by sccrmxc14.comcast.net (sccrmxc14) with SMTP
id <20040123172741s1400306rle>; Fri, 23 Jan 2004 17:27:41 +0000
X-Originating-IP: [65.43.36.119]
Received: from adsl-65-43-36-119.dsl.lgtpmi.ameritech.net (adsl-65-43-36-119.dsl.lgtpmi.ameritech.net [65.43.36.119])
by ameritech.net (8.12.8p1/8.12.8) with ESMTP id kqque265288
for <xxxx@xxxxxx.xxx>; Sat, 24 Jan 2004 07:24:01 -0400 (EST)
Message-ID: <mwzoe215628@mail.com>
From: "FDIC" <Dyan_Bela@mail.com>
-------------------------

Ameritech Electronic Commerce
NET-AMER-654200 (NET-65-42-0-0-1) 65.42.0.0 - 65.43.255.255

[nomaxim]

????
AV WARNING?

I get a 'Exploit-URLSpoof.gen' whenever I open this thread.

'Delete' clears it!

What's up? Has happened 6 times now.

Reported to MOD!

[I_W]

Quote:

Originally posted by nomaxim
????
AV WARNING?

I get a 'Exploit-URLSpoof.gen' whenever I open this thread.

'Delete' clears it!

What's up? Has happened 6 times now.

Reported to MOD!

I wonder if it was because what I copied into it does have a spoofed URL?

I changed the post so the URLs aren't parsed. Maybe that'll fix it.

I've never encountered that before.

[nomaxim]

Still getting the same A/V response from this thread I_W?

One of the Mod's checked and wasn't getting anything either?

Must be a bug in my system.

SORRY, Must just be me, since you did remove all links, I can't think why I would have problems.

Again, Sorry for crapping your thread!

PS: Got the same warning again when I posted my response.

Me neither...

BTW, mail.com is (or was) a place where you can choose a "personalized" email address.
I had one of theirs years ago, *@writeme.com

[nomaxim]

Again Sorry I_W,

It's my heuistics scan that was finding the problem!

Not your fault. Mine.

SORRY!

PLEASE STAND BY!

[vass0922]

Your scan was correct
h t t p : / / w w w .fdic.gov
@202.63.206.88/index.htm

That does NOT send you to fdic.gov

Its a spoofed URL, thats' completly bogus and uses a known vulnerability in IE
that
char you see, is a carriage return
If you use a good browser like Opera you wouldn't have to worry about huge gaping security holes that they still haven't fixed like that.

[nomaxim]

Using Netscape 7.1. Still getting the alerts even thou he removed the link. ????

[osprey4]

Still, if a thousand people get this e-mail and one idiot responds, the spammer wins.